2 * Copyright (c) 1996, 1998-2000, 2004, 2007-2011
3 * Todd C. Miller <Todd.Miller@courtesan.com>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
31 * A command with args. XXX - merge into struct member.
39 * Tags associated with a command.
40 * Possible values: true, false, UNSPEC.
43 __signed int nopasswd: 3;
44 __signed int noexec: 3;
45 __signed int setenv: 3;
46 __signed int log_input: 3;
47 __signed int log_output: 3;
51 * SELinux-specific container struct.
52 * Currently just contains a role and type.
60 * Solaris privileges container struct
61 * Currently just contains permitted and limit privileges.
62 * It could have PFEXEC and PRIV_AWARE flags added in the future.
64 struct solaris_privs_info {
70 * The parsed sudoers file is stored as a collection of linked lists,
71 * modelled after the yacc grammar.
73 * Other than the alias struct, which is stored in a red-black tree,
74 * the data structure used is basically a doubly-linked tail queue without
75 * a separate head struct--the first entry acts as the head where the prev
76 * pointer does double duty as the tail pointer. This makes it possible
77 * to trivially append sub-lists. In addition, the prev pointer is always
78 * valid (even if it points to itself). Unlike a circle queue, the next
79 * pointer of the last entry is NULL and does not point back to the head.
81 * Note that each list struct must contain a "prev" and "next" pointer as
82 * the first two members of the struct (in that order).
86 * Tail queue list head structure.
95 * Structure describing a user specification and list thereof.
98 struct userspec *prev, *next;
99 struct member_list users; /* list of users */
100 struct privilege_list privileges; /* list of privileges */
104 * Structure describing a privilege specification.
107 struct privilege *prev, *next;
108 struct member_list hostlist; /* list of hosts */
109 struct cmndspec_list cmndlist; /* list of Cmnd_Specs */
113 * Structure describing a linked list of Cmnd_Specs.
116 struct cmndspec *prev, *next;
117 struct member_list runasuserlist; /* list of runas users */
118 struct member_list runasgrouplist; /* list of runas groups */
119 struct member *cmnd; /* command to allow/deny */
120 struct cmndtag tags; /* tag specification */
122 char *role, *type; /* SELinux role and type */
125 char *privs, *limitprivs; /* Solaris privilege sets */
130 * Generic structure to hold users, hosts, commands.
133 struct member *prev, *next;
134 char *name; /* member name */
135 short type; /* type (see gram.h) */
136 short negated; /* negated via '!'? */
139 struct runascontainer {
140 struct member *runasusers;
141 struct member *runasgroups;
145 * Generic structure to hold {User,Host,Runas,Cmnd}_Alias
146 * Aliases are stored in a red-black tree, sorted by name and type.
149 char *name; /* alias name */
150 unsigned short type; /* {USER,HOST,RUNAS,CMND}ALIAS */
151 unsigned short seqno; /* sequence number */
152 struct member_list members; /* list of alias members */
156 * Structure describing a Defaults entry and a list thereof.
159 struct defaults *prev, *next;
160 char *var; /* variable name */
161 char *val; /* variable value */
162 struct member_list binding; /* user/host/runas binding */
163 int type; /* DEFAULTS{,_USER,_RUNAS,_HOST} */
164 int op; /* true, false, '+', '-' */
168 * Parsed sudoers info.
170 extern struct userspec_list userspecs;
171 extern struct defaults_list defaults;
174 * Alias sequence number to avoid loops.
176 extern unsigned int alias_seqno;
/*
 * Prototypes for the alias table and the matching helpers.
 *
 * Two return conventions are visible in the signatures: the matchers that
 * take a single item return bool, while cmnd_matches() and the list-level
 * matchers (cmndlist_matches, hostlist_matches, runaslist_matches,
 * userlist_matches) return int.  Presumably the int form carries a third
 * "unspecified / not matched" state alongside true and false, in the same
 * spirit as the UNSPEC tag value -- confirm against the definitions before
 * treating a non-zero result as an allow.
 *
 * NOTE(review): apart from init_parser(), every string argument is a plain
 * char *; where a function only reads its argument, declaring it
 * const char * would document that and let callers pass constant data.
 * Parameter names are omitted throughout, so the meaning of each argument
 * has to be taken from the definition, not from this header.
 */

/* Returns char *; whether that is an error message or something else is not
 * visible here -- check the definition. */
char *alias_add(char *, int, struct member *);
bool addr_matches(char *);
int cmnd_matches(struct member *);
int cmndlist_matches(struct member_list *);
bool command_matches(char *, char *);
int hostlist_matches(struct member_list *);
bool hostname_matches(char *, char *, char *);
bool netgr_matches(char *, char *, char *, char *);
bool no_aliases(void);
/* Fills in the two struct member ** out-parameters on a match (assumed from
 * the signature; verify). */
int runaslist_matches(struct member_list *, struct member_list *, struct member **, struct member **);
int userlist_matches(struct passwd *, struct member_list *);
bool usergr_matches(char *, char *, struct passwd *);
bool userpw_matches(char *, char *, struct passwd *);
bool group_matches(char *, struct group *);
/* Lookup/removal are keyed by (name, type), matching the "sorted by name
 * and type" ordering described for the alias red-black tree. */
struct alias *alias_find(char *, int);
struct alias *alias_remove(char *, int);
/* void * argument: shaped like a generic destructor callback for the tree. */
void alias_free(void *);
/* Callback-plus-cookie form; looks like an iterate-over-all-aliases helper
 * (inferred from the signature -- confirm). */
void alias_apply(int (*)(void *, void *), void *);
void init_aliases(void);
void init_lexer(void);
/* The only prototype here that const-qualifies its string argument. */
void init_parser(const char *, bool);
/* Comparator with the (const void *, const void *) shape; presumably orders
 * by name then type -- confirm. */
int alias_compare(const void *, const void *);
204 #endif /* _SUDO_PARSE_H */